Senior Application Security Engineer

Salary not provided

Minimum year of experience: 3

KOMOJU

About this position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Responsibilities

  1. Build the Application Security Program

    • Develop policies, procedures, and standards to safeguard our applications.
    • Conduct risk assessments and implement controls to mitigate security threats.
    • Help manage external pentesting required to meet regulatory compliance.
  2. Integrate Security into the SDLC

    • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
    • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
    • Guide development teams in integrating security best practices.
    • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
  3. Foster a Secure Code Culture

    • Promote application-security awareness and best practices across all teams.
    • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
    • Provide training and resources to development teams to ensure secure coding practices.

Qualifications

  • Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks).
  • Strong understanding of security principles and practices.
  • Previous experience as a developer is highly desirable.
  • Familiarity with application security assessment tools.
  • Experience with end-to-end vulnerability management (e.g., SAST and DAST).
  • Technical knowledge to understand vulnerability risk and remediation steps.
  • DevSecOps experience, building security controls into CI/CD pipelines (GitHub Actions, CircleCI, GitLab CI/CD).
  • Familiar with security hardening standards and implementation.

Nice to have

  • Working proficiency in Japanese is helpful but not necessary.
  • Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
  • Experience with building custom security tooling is a plus.
  • Cybersecurity-related certifications.

Tech Stack

  • Languages: JavaScript, Ruby, Python, Rust
  • Frameworks: Ruby on Rails, Vue
  • Databases: PostgreSQL, MySQL
  • DevOps: Docker, AWS
  • Version Control: GitHub
  • Monitoring and Logging: DataDog

Benefits

  • Remote work flexibility with optional office space for in-person collaboration.
  • 10 days of regular vacation, plus an additional 5 days of summer vacation and 5 days of winter vacation.
  • Paid birthday holiday.
  • Self-learning allowance to ensure our employees’ skills remain current.
  • Language training for Japanese.